apko/apko.changes

-------------------------------------------------------------------
Mon Mar 10 12:43:48 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.25.2:
  * apko: make apk cache safer for multi-writers (#1564)
  * build(deps): bump docker/setup-qemu-action from 3.5.0 to 3.6.0
    (#1552)
  * build(deps): bump github.com/chainguard-dev/clog from 1.6.1 to
    1.7.0 (#1555)
  * spdx: add attributionText field (#1554)
  * dot: Do a slightly better job (#1553)
  * apk/signature: remove support for creating new SHA1 signatures
    (#1496)
  * build(deps): bump google.golang.org/api from 0.222.0 to 0.223.0
    (#1545)
  * build(deps): bump github.com/go-git/go-git/v5 from 5.13.2 to
    5.14.0 (#1548)
  * build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to
    3.0.4 in the go_modules group (#1547)
  * build(deps): bump docker/setup-qemu-action from 3.4.0 to 3.5.0
    (#1549)
  * Make LockImageConfiguration incorporate options (#1540)
  * build(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1
    (#1537)
  * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0
    (#1542)
  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to
    4.0.5 in the go_modules group (#1539)
  * build(deps): bump golangci/golangci-lint-action from 6.3.2 to
    6.5.0 (#1532)
  * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2
    (#1527)
  * build(deps): bump github.com/klauspost/compress from 1.17.11 to
    1.18.0 (#1536)
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.4.2 to
    2.4.3 (#1535)
  * build(deps): bump google.golang.org/api from 0.220.0 to 0.222.0
    (#1534)
  * build(deps): bump step-security/harden-runner from 2.10.4 to
    2.11.0 (#1533)
  * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
    (#1531)

-------------------------------------------------------------------
Sun Feb 16 08:52:28 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.25.1:
  * Improve conflict error (#1529)

-------------------------------------------------------------------
Thu Feb 13 06:17:28 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.25.0:
  * spdx: explain SHA1 usage (#1501)
  * Consider already selected packages during solve (#1406)
  * build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to
    5.13.2 (#1491)
  * build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
    (#1511)
  * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0
    (#1510)
  * build(deps): bump github.com/chainguard-dev/clog from 1.5.1 to
    1.6.1 (#1500)
  * move some unnecessary logs to debug (#1522)
  * build(deps): bump golang.org/x/time from 0.9.0 to 0.10.0
    (#1509)
  * build(deps): bump go.step.sm/crypto from 0.57.0 to 0.57.1
    (#1504)
  * build(deps): bump chainguard.dev/sdk from 0.1.29 to 0.1.31
    (#1498)
  * build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0
    (#1515)
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.4.1 to
    2.4.2 (#1517)
  * build(deps): bump golangci/golangci-lint-action from 6.3.0 to
    6.3.2 (#1521)
  * clean up ci permissions and update golangci-lint (#1523)
  * build(deps): bump goreleaser/goreleaser-action from 6.1.0 to
    6.2.1 (#1520)
  * build(deps): bump google.golang.org/api from 0.217.0 to 0.220.0
    (#1514)
  * build(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0
    (#1513)
  * build(deps): bump golangci/golangci-lint-action from 6.2.0 to
    6.3.0 (#1512)

-------------------------------------------------------------------
Fri Jan 31 05:36:31 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.24.0:
  * Allow passing in an http.RoundTripper (#1505)
  * fix(apk/client): silence request logging (#1497)
  * Return an if fetching index fails (#1495)
  * Disallow '/' in key name (#1494)
  * Revert "Disallow `/` in key names" (#1493)
  * Disallow `/` in key names

-------------------------------------------------------------------
Thu Jan 23 06:07:29 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.23.0:
  * fix multi key support in APKINDEX verification (#1490)

-------------------------------------------------------------------
Wed Jan 22 05:58:48 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.7:
  * Guard against os-release panic (#1488)
  * build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 (#1487)
  * build(deps): bump google.golang.org/api from 0.216.0 to 0.217.0
    (#1480)
  * build(deps): bump go.opentelemetry.io/otel from 1.33.0 to
    1.34.0 (#1486)
  * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1
    (#1482)
  * build(deps): bump go.step.sm/crypto from 0.56.0 to 0.57.0
    (#1479)
  * build(deps): bump step-security/harden-runner from 2.10.3 to
    2.10.4 (#1484)
  * build(deps): bump github.com/google/go-containerregistry from
    0.20.2 to 0.20.3 (#1481)
  * build(deps): bump golangci/golangci-lint-action from 6.1.1 to
    6.2.0 (#1483)
  * Fix package name handling to retain version and strip ‘@’
    suffix (#1472)
  * build(deps): bump google.golang.org/api from 0.215.0 to 0.216.0
    (#1473)
  * build(deps): bump step-security/harden-runner from 2.10.2 to
    2.10.3 (#1476)
  * Improve error graph for failed solve (#1474)

-------------------------------------------------------------------
Thu Jan 09 06:40:49 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.6:
  * Base32-encode etag values (#1470)
  * build(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0
    (#1469)
  * Add the extra flags to `build-minirootfs` (#1467)
  * Fix logging output of user.GID (#1466)
  * build(deps): bump google.golang.org/api from 0.214.0 to 0.215.0
    (#1465)

-------------------------------------------------------------------
Tue Jan 07 08:04:31 UTC 2025 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.5:
  * Return err if locking fails (#1464)
  * build(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to
    5.13.1 (#1461)
  * build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
    (#1463)
  * build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 (#1462)
  * build(deps): bump github.com/invopop/jsonschema from 0.12.0 to
    0.13.0 (#1460)
  * build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
    5.13.0 (#1458)
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0
    (#1459)
  * build(deps): bump chainguard.dev/sdk from 0.1.28 to 0.1.29
    (#1428)

-------------------------------------------------------------------
Sat Dec 21 14:18:05 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.4:
  * Mark base image as experimental (#1453)
  * build(deps): bump go.step.sm/crypto from 0.55.0 to 0.56.0
  * (#1451) build(deps): bump google.golang.org/api from 0.213.0 to
  * 0.214.0 (#1452)

-------------------------------------------------------------------
Fri Dec 20 05:52:08 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.3:
  * Make GID its own type to prevent defaulting to 0 (#1449)
  * Create codeql.yml (#1439)
  * build(deps): bump google.golang.org/api from 0.211.0 to 0.213.0
    (#1446)
  * Add a unit test for the sort ordering change. (#1444)
  * Add an explicit sort to squash diffs. (#1443)

-------------------------------------------------------------------
Sat Dec 14 21:34:51 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.2:
  * Lock image configs before building (#1441)

-------------------------------------------------------------------
Sat Dec 14 21:32:36 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.1:
  * pkg/apk: switch to SHA2-256 based signatures by default (#1440)

-------------------------------------------------------------------
Sat Dec 14 21:15:16 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.22.0:
  * pkg/apk: switch to SHA2-256 based signatures by default
  * Include /opt by default (#1435)
  * build(deps): bump go.opentelemetry.io/otel from 1.32.0 to
    1.33.0 (#1437)
  * build(deps): bump github/codeql-action from 3.27.7 to 3.27.9
    (#1438)
  * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.32.0
    (#1434)
  * build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in
    the go_modules group (#1433)
  * build(deps): bump actions/setup-go from 5.0.2 to 5.2.0 (#1431)
  * build(deps): bump google.golang.org/api from 0.209.0 to 0.211.0
    (#1429)

-------------------------------------------------------------------
Thu Dec 12 05:54:50 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.21.0:
  * Make LockImageConfiguration multi-arch aware (#1432)

-------------------------------------------------------------------
Wed Dec 11 07:01:11 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.20.2:
  * Ignore scripts that aren't executable (#1427)
  * build(deps): bump github/codeql-action from 3.27.6 to 3.27.7
    (#1426)
  * use retryablehttp in DiscoverKeys and pkg/apk (#1398)
  * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0
    (#1422)
  * build(deps): bump golang.org/x/sys from 0.27.0 to 0.28.0
    (#1421)
  * build(deps): bump go.step.sm/crypto from 0.54.2 to 0.55.0
    (#1419)
  * build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
    (#1420)
  * build(deps): bump github.com/chainguard-dev/clog from
    1.5.1-0.20240811185937-4c523ae4593f to 1.5.1 (#1418)
  * build(deps): bump github.com/stretchr/testify from 1.9.0 to
    1.10.0 (#1417)
  * build(deps): bump google.golang.org/api from 0.207.0 to 0.209.0
    (#1414)
  * Drop tests that are failing (#1416)
  * fix(spdx): more helpful error message on license merge (#1413)
  * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3
    (#1411)

-------------------------------------------------------------------
Thu Nov 21 07:50:29 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.20.1:
  * fix: Allow accounts to belong to GID 0 (#1407)
  * build(deps): bump github/codeql-action from 3.27.4 to 3.27.5
    (#1410)
  * build(deps): bump google.golang.org/api from 0.206.0 to 0.207.0
    (#1409)
  * build(deps): bump step-security/harden-runner from 2.10.1 to
    2.10.2 (#1408)
  * build(deps): bump google.golang.org/api from 0.205.0 to 0.206.0
    (#1405)

-------------------------------------------------------------------
Fri Nov 15 07:06:24 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.20.0:
  * Pass errors up the stack in CalculateWorld and InstallPackages
    (#1404)
  * build(deps): bump github/codeql-action from 3.27.2 to 3.27.4
    (#1403)
  * build(deps): bump go.step.sm/crypto from 0.54.0 to 0.54.2
    (#1402)
  * build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 (#1389)
  * build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0
    (#1390)
  * build(deps): bump github/codeql-action from 3.27.1 to 3.27.2
    (#1400)
  * build(deps): bump github/codeql-action from 3.27.0 to 3.27.1
    (#1395)
  * build(deps): bump go.opentelemetry.io/otel from 1.31.0 to
    1.32.0 (#1396)
  * build(deps): bump google.golang.org/api from 0.204.0 to 0.205.0
    (#1388)
  * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 (#1391)
  * Add support for extras in `build-cpio` (#1394)
  * build(deps): bump goreleaser/goreleaser-action from 6.0.0 to
    6.1.0 (#1392)
  * Record the `apko.json` file used to produce this image. (#1353)
  * docs(apk): document apkindex methods (#1393)

-------------------------------------------------------------------
Tue Nov 12 07:33:59 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.9:
  * fix: --cache-dir broken after in 0.19.3+ (#1382)
  * fix: ensure cacheTransport returns an error for non-200
    responses (#1381)
  * Attempt to flush renamed files in cache (#1387)

-------------------------------------------------------------------
Tue Nov 05 09:44:20 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.8:
  * build(deps): bump google.golang.org/api from 0.203.0 to 0.204.0
    (#1384)
  * Re-instantiate each APK's tarfs after caching (#1383)

-------------------------------------------------------------------
Thu Oct 31 20:05:38 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.7:
  * Drop errgroup.WithContext and add withCause (#1380)
  * Allow multiauthenticator to try all authenticators (#1379)

-------------------------------------------------------------------
Wed Oct 30 08:08:58 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.6:
  * MergeInto should include Volumes (#1376)

-------------------------------------------------------------------
Tue Oct 29 13:58:07 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.5:
  * rsa: remove backwards compat APIs (#1307)
  * fix bug with triggers encoded in triggers file (#1358)

-------------------------------------------------------------------
Sat Oct 26 08:22:36 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.4:
  * Make MergeInto threadsafe (#1374)
  * set downloadLocation to NOASSERTION when apk.URL is unset
    (#1372)
  * fix concurrent annotation map update (#1370)
  * fix data race in index cache (#1369)

-------------------------------------------------------------------
Fri Oct 25 12:12:31 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.3:
  * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2
    (#1363)
  * build(deps): bump github/codeql-action from 3.26.13 to 3.27.0
    (#1356)
  * build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#1355)
  * build(deps): bump google.golang.org/api from 0.201.0 to 0.203.0
    (#1362)
  * Avoid race when mutating annotations (#1368)
  * Stop using real headers for side channels (#1367)
  * fix(sbom): deduplicate SBOM packages by ID (#1366)
  * allow key lookups for http (#1365)
  * SBOM test cleanup (#1361)
  * don't attempt to discover chainguard keys for local file paths
    (#1360)
  * Work around sendfile bug (#1359)
  * Preserve APK timestamps when using dirfs (#1352)
  * build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28
    (#1351)
  * build(deps): bump github.com/klauspost/compress from 1.17.10 to
    1.17.11 (#1343)
  * build(deps): bump go.opentelemetry.io/otel from 1.30.0 to
    1.31.0 (#1346)
  * build(deps): bump github/codeql-action from 3.26.12 to 3.26.13
    (#1344)
  * build(deps): bump chainguard.dev/sdk from 0.1.26 to 0.1.27
    (#1347)
  * build(deps): bump google.golang.org/api from 0.199.0 to 0.201.0
    (#1348)
  * build(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#1340)
  * build(deps): bump github/codeql-action from 3.26.11 to 3.26.12
    (#1339)
  * build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0
    (#1338)
  * build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0
    (#1335)
  * build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 (#1336)
  * Update go to 1.23.2 and golangci-lint (#1334)
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to
    2.4.1 (#1331)
  * build(deps): bump chainguard.dev/sdk from 0.1.25 to 0.1.26
    (#1328)
  * build(deps): bump golangci/golangci-lint-action from 6.1.0 to
    6.1.1 (#1329)
  * build(deps): bump github/codeql-action from 3.26.10 to 3.26.11
    (#1332)
  * build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0
    (#1333)
  * Make etag checks optional (#1327)
  * don't attempt to discover keys for file path repos (#1326)
  * cleanup: remove Lima documentation (#1325)
  * use slog default logger for CG auth exchange (#1324)
  * Drop a period from a command's help (#1312)
  * build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0
    (#1322)
  * build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0
    (#1320)
  * build(deps): bump github/codeql-action from 3.26.9 to 3.26.10
    (#1323)
  * fix(ci): mark GitHub releases as latest from prerelease (#1277)
  * Fail if APKINDEX has single-character lines (#1321)
  * build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#1319)
  * build(deps): bump github.com/klauspost/compress from 1.17.9 to
    1.17.10 (#1315)
  * build(deps): bump github/codeql-action from 3.26.8 to 3.26.9
    (#1318)
  * Cache some more expensive operations (#1317)
  * set OCI created annotation (#1316)
  * cg auth: fix sometimes (#1314)

-------------------------------------------------------------------
Sat Sep 21 17:09:02 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.2:
  * set audience correctly, no https (#1313)
  * point to the apk.cgr.dev repo urls (#1311)

-------------------------------------------------------------------
Sat Sep 21 17:06:46 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.1:
  * Restore SourceDateEpoch in tarball for melange (#1310)
  * build(deps): bump google.golang.org/api from 0.197.0 to 0.198.0
    (#1309)
  * build(deps): bump github/codeql-action from 3.26.7 to 3.26.8
    (#1308)

-------------------------------------------------------------------
Sat Sep 21 17:04:01 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.19.0:
  * Keep apk modtime (#1305)
  * Delete a bunch of dead code (#1306)
  * build(deps): bump chainguard.dev/sdk from 0.1.24 to 0.1.25
    (#1301)

-------------------------------------------------------------------
Sat Sep 14 10:35:39 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- BuildRequire go1.23 to fix builds on Leap 16.0

-------------------------------------------------------------------
Sat Sep 14 10:19:09 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.18.1:
  * build(deps): bump k8s.io/apimachinery from 0.31.0 to 0.31.1
    (#1302)
  * build(deps): bump github/codeql-action from 3.26.6 to 3.26.7
    (#1304)
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5
    (#1300)
  * Keep standalone DiscoverKeys function (#1303)

-------------------------------------------------------------------
Sat Sep 14 10:11:56 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.18.0:
  * build(deps): bump google.golang.org/api from 0.196.0 to 0.197.0
    (#1298)
  * build(deps): bump go.opentelemetry.io/otel from 1.29.0 to
    1.30.0 (#1297)
  * build(deps): bump go.opentelemetry.io/otel/trace from 1.29.0 to
    1.30.0 (#1299)
  * build(deps): bump go.step.sm/crypto from 0.51.2 to 0.52.0
    (#1296)
  * build(deps): bump step-security/harden-runner from 2.9.1 to
    2.10.1 (#1295)
  * rsa256 (#1256)
  * build(deps): bump go.step.sm/crypto from 0.51.1 to 0.51.2
    (#1292)
  * Add LoongArch architecture definition (#1275)
  * build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0
    (#1293)
  * build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0
    (#1294)
  * build(deps): bump github/codeql-action from 3.26.5 to 3.26.6
    (#1291)
  * auth: attempt CG auth if envs are configured (#1279)
  * build(deps): bump chainguard.dev/sdk from 0.1.23 to 0.1.24
    (#1289)
  * build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0
    (#1290)
  * upgrade to golang 1.23 (#1278)
  * build(deps): bump go.opentelemetry.io/otel/trace from 1.28.0 to
    1.29.0 (#1286)
  * build(deps): bump github/codeql-action from 3.26.4 to 3.26.5
    (#1288)
  * build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0
    (#1285)
  * codeql needs security-events: write (#1281)
  * build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0
    (#1282)
  * build(deps): bump github/codeql-action from 3.26.3 to 3.26.4
    (#1283)
  * new command: `install-keys` (#1227)
  * build(deps): bump github/codeql-action from 3.26.2 to 3.26.3
    (#1280)
  * Wire up chainctl stderr to os.Stderr (#1274)
  * Expose DiscoverKeys (#1273)
  * build(deps): bump github/codeql-action from 3.26.1 to 3.26.2
    (#1271)
  * Expose type of DefaultAuthenticators (#1272)
  * build(deps): bump github/codeql-action from 3.26.0 to 3.26.1
    (#1266)
  * build(deps): bump k8s.io/apimachinery from 0.30.3 to 0.31.0
    (#1267)
  * build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0
    (#1268)
  * Revert "drop dependency on go.lsp.dev/uri" (#1262)
  * drop dependency on go.lsp.dev/uri (#1259)
  * remove custom log package, charm supports it now (#1257)
  * drop dependency on heredoc (#1258)
  * Bust global caches by default in index tests (#1255)
  * build(deps): bump github.com/chainguard-dev/clog from 1.4.0 to
    1.5.0 (#1254)
  * build(deps): bump chainguard.dev/sdk from 0.1.22 to 0.1.23
    (#1251)
  * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0
    (#1252)
  * build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
    (#1250)
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.3.0 to
    2.4.0 (#1245)
  * build(deps): bump github.com/docker/docker from
    26.1.4+incompatible to 26.1.5+incompatible in the go_modules
    group (#1253)
  * build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0
    (#1249)
  * build(deps): bump github/codeql-action from 3.25.15 to 3.26.0
    (#1247)
  * build(deps): bump github.com/google/go-containerregistry from
    0.20.1 to 0.20.2 (#1246)
  * auth: Set username to "user" (#1244)
  * build(deps): bump step-security/harden-runner from 2.9.0 to
    2.9.1 (#1243)
  * set basic chainguard auth (#1242)
  * build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 (#1239)
  * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 (#1240)
  * auth: Wrap errors (#1241)
  * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0
    (#1238)
  * build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0
    (#1237)
  * build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0
    (#1235)
  * build(deps): bump chainguard.dev/sdk from 0.1.21 to 0.1.22
    (#1236)
  * allow APK auth using assumable identity (#1230)
  * build(deps): bump golangci/golangci-lint-action from 6.0.1 to
    6.1.0 (#1233)
  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to
    4.0.4 (#1229)
  * build(deps): bump github.com/docker/docker from
    24.0.9+incompatible to 26.1.4+incompatible in the go_modules
    group (#1232)
  * Canonicalize the architecture. (#1231)
  * use retryable http client by default (#1228)
  * Fix replacing symlinks (#1225)
  * Merge architectures (#1226)
  * Migrate the configuration locking to `apko`. (#1222)
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4
    (#1220)
  * build(deps): bump github/codeql-action from 3.25.13 to 3.25.15
    (#1221)
  * Create a command similar to `build-minirootfs` for CPIO (#1177)
  * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to
    4.0.3 (#1217)

-------------------------------------------------------------------
Thu Jul 25 05:01:50 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.17.0:
  * begin a new APK client (#1218)
  * remove the concept of Assertions (#1214)
  * Implement client-side APK discovery in `apko` (#1216)
  * copy annotations to config labels (#1215)
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to
    2.3.0 (#1213)
  * build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0
    (#1211)
  * build(deps): bump github/codeql-action from 3.25.12 to 3.25.13
    (#1212)
  * build(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3
    (#1209)
  * build(deps): bump github/codeql-action from 3.25.11 to 3.25.12
    (#1203)
  * build(deps): bump step-security/harden-runner from 2.8.1 to
    2.9.0 (#1210)
  * build(deps): bump github.com/google/go-containerregistry from
    0.20.0 to 0.20.1 (#1208)
  * build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#1200)
  * Remove labels from names and URLs in lockfile (#1163)
  * Add `MergeInto` for combining `ImageConfiguration`s (#1206)
  * Have the Authenticator support returning errors (#1205)
  * Simplify s6 stuff further (#1204)
  * Faster NewPkgResolver and GetRepositoryIndexes (#1202)
  * Add build.MultiArch.BuildPackageLists (#1201)
  * build(deps): bump github.com/google/go-containerregistry from
    0.19.2 to 0.20.0 (#1199)
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3
    (#1197)
  * fix
  * cleanup
  * checkout first
  * tidy
  * index throws nil pointer when no auth set
  * build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0
  * tests are broken due to incosnsistency package version of
    openssl(riscv64) on alpine
  * remove more unknown stuff from example, log more
  * fail on unknown fields, remove os-release from alpine-slim
  * set unknown version ID too
  * remove more cruft
  * move os-release stuff into pkg/build/sbom.go, unexport
  * remove the example
  * remove remote include feature
  * remove os-release from apko config
  * Simplify the resolution logic to use `expandapk.Split` (#1186)
  * build(deps): bump go.opentelemetry.io/otel/trace from 1.27.0 to
    1.28.0
  * build(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0
  * build(deps): bump github/codeql-action from 3.25.10 to 3.25.11

-------------------------------------------------------------------
Wed Jul 03 19:07:59 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.16.0:
  * Fix typo in DefaultAuthenticators
  * Don't mutate accounts if base image is set
  * accept other apk hosts via env, use rate.Sometimes
  * fix unit tests, add StaticAuth
  * add TODO
  * auth: refactor into Authenticator interface
  * Make solving multi-architecture aware
  * Refactor into build.Multi, no behavior change
  * Expose ignoreSignatures functionality to CLI and library
    consumers
  * build(deps): bump github.com/chainguard-dev/clog from 1.3.1 to
    1.4.0
  * example(go): golang example with wolfi base
  * build(deps): bump github.com/google/go-containerregistry

-------------------------------------------------------------------
Wed Jun 19 05:11:36 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.15.0:
  * Skip over "." when creating directories
  * build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1
  * Plumb through the notion of build-time repositories.
  * whoops
  * remove --log-policy flag
  * build(deps): bump actions/checkout from 4.1.6 to 4.1.7
  * build(deps): bump github/codeql-action from 3.25.8 to 3.25.10
  * build(deps): bump k8s.io/apimachinery from 0.29.2 to 0.30.2
  * build(deps): bump imjasonh/setup-crane from 0.3 to 0.4
  * build(deps): bump github.com/klauspost/compress from 1.17.8 to
    1.17.9
  * Add note about --repository-append
  * Add include-paths to build and lock
  * build(deps): bump step-security/harden-runner from 2.8.0 to
    2.8.1

-------------------------------------------------------------------
Wed Jun 12 13:34:40 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.9:
  * remove all SBOM formats except SPDX
  * fix: Add lockfile option to publish command

-------------------------------------------------------------------
Fri Jun 07 19:38:30 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.8:
  * Add expandapk.Split and use it
  * Fix some lints carried over from go-apk
  * update go-apk
  * undo diff-causing change
  * get outta here submodule
  * rm pkg/apk
  * go mod tidy
  * go away
  * goimports -local to make linter a little happier
  * WIP: unsplit go-apk
  * change deprecated flags
  * build(deps): bump goreleaser/goreleaser-action from 5.1.0 to
    6.0.0
  * build(deps): bump github/codeql-action from 3.25.7 to 3.25.8
  * add test that images with old packages can build
  * build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0
  * appease linter
  * fix tests
  * use latest go-apk
  * enable per-host auth

-------------------------------------------------------------------
Sat Jun 01 09:23:29 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.7:
  * ensure homedir respects non-defaults
  * build(deps): bump github/codeql-action from 3.25.6 to 3.25.7

-------------------------------------------------------------------
Sat Jun 01 09:10:13 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.6:
  * plumb through HomeDir as optional build configuration
  * Pull in the auth fix in go-apk (#1145)
  * Update internal/cli/build.go
  * Update internal/cli/publish.go
  * This fixes the boolean logic to pass auth.
  * go mod tidy
  * support basic HTTP auth

-------------------------------------------------------------------
Thu May 30 08:59:06 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.5:
  * fix: redact URLs in config marshaling
  * bump go-apk

-------------------------------------------------------------------
Thu May 30 08:52:10 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.4:
  * go mod tidy
  * bump go-apk

-------------------------------------------------------------------
Sat May 25 15:08:37 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.3:
  * spdx: fixup PackageVerificationCode setting
  * spdx: fixup filesAnalyzed setting
  * spdx: backpopulate supplier & originator for packages
  * spdx: Add test case of merging pkg SBOM without supplier
  * spdx: rename expected.spdx.json ahead of more tests

-------------------------------------------------------------------
Thu May 23 19:46:28 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.2:
  * spdx: Add test of SBOM of packages with custom licenses
  * updated-dependencies:
    - dependency-name: step-security/harden-runner
      dependency-type: direct:production
      update-type: version-update:semver-minor ...
    - dependency-name: go.opentelemetry.io/otel
      dependency-type: direct:production
      update-type: version-update:semver-minor ...
  * sbom: fixup merging LicensingInfos during Image SBOM generation
  * build(deps): bump github/codeql-action from 3.25.4 to 3.25.6
  * build(deps): bump actions/checkout from 4.1.5 to 4.1.6
  * build(deps): bump github.com/package-url/packageurl-go
  * gofmt
  * Fix capitalisation style
  * spdx: allow specifying custom license
  * Bump go-apk
  * Bump go-apk to pick up conflict fix
  * build(deps): bump goreleaser/goreleaser-action from 5.0.0 to
    5.1.0
  * Bump go-apk
  * linter
  * Fix duplicates when overlaying the config with config with no
    contents
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2
  * build(deps): bump golangci/golangci-lint-action from 5.1.0 to
    6.0.1
  * build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
  * build(deps): bump actions/checkout from 4.1.4 to 4.1.5
  * build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0

-------------------------------------------------------------------
Thu May 09 15:48:25 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.1:
  * default supplier to Chainguard
  * fix: remove default supplier for index SBOMs
  * build(deps): bump actions/setup-go from 5.0.0 to 5.0.1
  * build(deps): bump step-security/harden-runner from 2.7.0 to
    2.7.1
  * build(deps): bump golangci/golangci-lint-action from 5.0.0 to
    5.1.0
  * build(deps): bump github/codeql-action from 3.25.2 to 3.25.3
  * build(deps): bump go.opentelemetry.io/otel from 1.25.0 to
    1.26.0
  * build(deps): bump golangci/golangci-lint-action from 4.0.0 to
    5.0.0
  * build(deps): bump actions/checkout from 4.1.3 to 4.1.4
  * build(deps): bump github/codeql-action from 3.25.1 to 3.25.2
  * build(deps): bump actions/checkout from 4.1.2 to 4.1.3
  * Parse apkindex only once during initialization
  * Comment fix
  * Refresh make generate
  * feat(user): Allow overriding the default shell
  * Update sbom-aarch64.spdx.json
  * spdx: remove more mentions of files
  * build(deps): bump golang.org/x/net in the go_modules group
  * Run build script for apko examples if such exists
  * Prepare the script to be run as part of github workflow
  * Fix golangci-lint
  * build(deps): bump github/codeql-action from 3.25.0 to 3.25.1
  * build(deps): bump github/codeql-action from 3.24.10 to 3.25.0
  * Add example for building on top of base
  * Update pkg/build/types/image_configuration.go
  * Update internal/cli/build.go
  * Address part of the comments from review round 1
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to
    2.2.4
  * build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0
  * Improve getImageForArch - nested index support and lookup of
    arch in config
  * Build and lock support for base image
  * Build and lock support for base image
  * Build and lock support for base image
  * build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0
  * build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0
  * build(deps): bump github/codeql-action from 3.24.9 to 3.24.10
  * build(deps): bump go.opentelemetry.io/otel from 1.24.0 to
    1.25.0
  * build(deps): bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1
  * build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0
  * build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to
    5.12.0
  * Add testdata for apko on top of base image
  * build(deps): bump github/codeql-action from 3.24.8 to 3.24.9
  * build(deps): bump github.com/charmbracelet/log
  * more tests
  * fix golden tests
  * fix test
  * try to fix this test
  * ignore Files when generating SBOMs
  * build(deps): bump github.com/docker/docker
  * build(deps): bump github/codeql-action from 3.24.7 to 3.24.8
  * build(deps): bump github.com/google/go-containerregistry
  * Add more spans around potentially slow ops
  * build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
  * Add Harden Runner audit configs
  * build(deps): bump actions/checkout from 4.1.1 to 4.1.2
  * build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.29.2
  * Bump go-apk
  * build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to
    2.6.3
  * build(deps): bump github.com/stretchr/testify from 1.8.4 to
    1.9.0
  * build(deps): bump github/codeql-action from 3.24.5 to 3.24.6
  * Bump go-apk
  * build(deps): bump go.opentelemetry.io/otel from 1.22.0 to
    1.24.0
  * build(deps): bump github/codeql-action from 3.23.2 to 3.24.5
  * Store checksum of apko-config in the lock-file to detect
    changes in origin.
  * Drop creating group log
  * Allow apko dot to be cancelled
  * build(deps): bump golangci/golangci-lint-action from 3.7.0 to
    4.0.0
  * Make sure we clean up after ourselves
  * Preserve APK hardlinks
  * build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
  * build(deps): bump github.com/chainguard-dev/clog from 1.3.0 to
    1.3.1
  * go mod tidy
  * fix repro test
  * pick up go-apk changes
  * move some logs to debug, avoid duplicate work/logs
  * Cancel context on interrupt signal
  * go mod tidy
  * use charmlog @ head to get levels"
  * support log-level flag
  * Plumb ctx through daemon package
  * use charm logger
  * build(deps): bump github.com/chainguard-dev/clog
  * build(deps): bump github.com/google/go-containerregistry
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.1 to
    2.2.3
  * build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0
  * Make apko dot show errors
  * build(deps): bump github/codeql-action from 2.22.6 to 3.23.2
  * build(deps): bump actions/setup-go from 4.1.0 to 5.0.0

-------------------------------------------------------------------
Wed Jan 31 14:20:12 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.14.0:
  * Bump go-apk to pick up new solver behavior
  * Plumb offline flags around more
  * Audit workflow permissions (#1017)
  * Add test and trailing new line to `apko.lock.json` files.
  * simplify logging to use slog
  * remove unused MarkDeprecated
  * remove unused AdditionalTags method
  * drop deprecated options field

-------------------------------------------------------------------
Mon Jan 15 20:42:20 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.13.3:
  * build(deps): bump github.com/cloudflare/circl from 1.3.5 to
    1.3.7
  * Return better error messages for missing config
  * Drop multierror for errgroup

-------------------------------------------------------------------
Sun Jan 07 18:12:07 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.13.2:
  * build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to
    5.11.0

-------------------------------------------------------------------
Sun Jan 07 18:10:34 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.13.1:
  * Strip leading slash before sbom ownership check

-------------------------------------------------------------------
Sun Jan 07 18:09:12 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 0.13.0:
  * Update NEWS.md for v0.13.0
  * Use idb to drive sbom file inclusion
  * Add golden tests
  * Change testdata to be a bit smaller
  * Fix duplicate IDB entries
  * build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0
  * Update lock.go
  * Make sure list of 'repositories' in the 'resolved.json.file' is
    complete.
  * Again we were not doing post-actions.
  * Fixing Lint errors.
  * Rename --resolved-file to --lockfile (all over the place).
  * Integrate apko with InstallPackages api in go-apk. Support
    locked build with --resolved-file.
  * Improve the architecture handling.
  * Apko interpeting resolved (lock) file: Prototype 1.
  * Ensure jsonschema is kept up to date.

-------------------------------------------------------------------
Thu Nov 30 09:08:12 UTC 2023 - kastl@b1-systems.de

- Update to version 0.12.0:
  * Update NEWS.md for 0.12.0
  * Allow existing packages to replace installed pkg
  * Fix packages with multiple Replaces
  * Add binary to generate json schema.
  * review feedback
  * fix and continuously validate SBOMs

-------------------------------------------------------------------
Thu Nov 16 14:56:08 UTC 2023 - kastl@b1-systems.de

- Update to version 0.11.3:
  * Update release.md
  * Create release.md
  * Drop cloud keychains
  * Try to approximate ~ in apko dot
  * build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7
  * build(deps): bump github/codeql-action from 2.22.5 to 2.22.6
  * build(deps): bump golang.org/x/term from 0.13.0 to 0.14.0
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to
    2.2.1
  * update go-apk dependency
  * build(deps): bump go.opentelemetry.io/otel from 1.19.0 to
    1.20.0
  * build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0
  * build with go 1.21
  * use main
  * use pushed PR
  * WIP: use forked alpine-go in go-apk
  * cleanup: remove unused flags
  * build(deps): bump github.com/docker/docker

-------------------------------------------------------------------
Mon Oct 30 19:10:59 UTC 2023 - kastl@b1-systems.de

- Update to version 0.11.2:
  * Update NEWS.md for v0.11.2
  * Bump go-apk to fix solver
  * build(deps): bump github/codeql-action from 2.22.4 to 2.22.5
  * build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6

-------------------------------------------------------------------
Fri Oct 27 04:54:37 UTC 2023 - kastl@b1-systems.de

- Update to version 0.11.1:
  * Update NEWS.md for 0.11.1
  * Pass UID and GID mapping to the tarball writer
  * Add json tags to ImageConfiguration types.
  * build(deps): bump github/codeql-action from 2.22.1 to 2.22.4
  * build(deps): bump actions/checkout from 4.1.0 to 4.1.1
  * drop sync-issues-to-project-board.yaml not used anymore
  * streamline release workflow
  * call ImageConfiguration()
  * Remove Trailing / if there any
  * Fixed the make-devenv script

-------------------------------------------------------------------
Thu Oct 19 06:24:13 UTC 2023 - kastl@b1-systems.de

- Update to version 0.11.0:
  * Update NEWS.md
  * Clone image config's env to avoid race
  * feat: implement resolve command
  * build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0
  * build(deps): bump sigs.k8s.io/release-utils
  * build(deps): bump go.opentelemetry.io/otel from 1.18.0 to
    1.19.0
  * build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0
  * Add additional error info when trying to run as a root user.
  * build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0
  * build(deps): bump github/codeql-action from 2.21.7 to 2.22.1
  * change Use and error msg
  * build(deps): bump actions/checkout from 4.0.0 to 4.1.0
  * dot: show version in node label
  * ensure propagated logger is used
  * Add apko dot command
  * build(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to
    5.9.0
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to
    2.2.0
  * build(deps): bump gitlab.alpinelinux.org/alpine/go
  * chore: remove CODEOWNERS file
  * build(deps): bump goreleaser/goreleaser-action from 4.4.0 to
    5.0.0
  * build(deps): bump github/codeql-action from 2.21.5 to 2.21.7
  * fix: Development typo
  * build(deps): bump k8s.io/apimachinery from 0.28.1 to 0.28.2
  * upgrade Go to 1.21 and several ci updates
  * update version comments
  * update version comments
  * build(deps): bump go.opentelemetry.io/otel from 1.17.0 to
    1.18.0
  * Write index as layout if target is a directory
  * Close tarfs files
  * Bump go-apk
  * Bump go-apk
  * Drop dependency on deleted packages
  * Allow replacement by different origin
  * build(deps): bump actions/checkout from 3.6.0 to 4.0.0
  * build(deps): bump golang.org/x/term from 0.11.0 to 0.12.0
  * Don't buffer everything
  * Expose tarfs
  * Use tarfs implementation for publish/build
  * Add an internal tarfs implementation
  * Don't require testify
  * Bump go-apk
  * build(deps): bump github/codeql-action from 2.21.4 to 2.21.5
  * Plumb --offline flag
  * add tests to publishCmd for --sbom-path
  * fix: publish cmd --sbom-path not writing files
  * build(deps): bump github.com/jinzhu/copier from 0.3.5 to 0.4.0
  * Pass a whole fs instead of a workdir to build
  * upgrade go-apk to 20230827 snapshot
  * build(deps): bump k8s.io/apimachinery from 0.27.3 to 0.28.1
  * build(deps): bump github.com/package-url/packageurl-go
  * build(deps): bump actions/checkout from 3.5.3 to 3.6.0
  * build(deps): bump golang.org/x/term from 0.9.0 to 0.11.0
  * fix: publish --stage-tags missing generated tags
  * Don't call build.New for index SBOM
  * Set reasonable concurrency levels for pgzip
  * remove build options
  * build(deps): bump golangci/golangci-lint-action from 3.6.0 to
    3.7.0
  * build(deps): bump github/codeql-action from 2.20.0 to 2.21.4
  * build(deps): bump goreleaser/goreleaser-action from 4.3.0 to
    4.4.0
  * fix: incorrect arch tag equality detection
  * build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
  * build(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0
  * Remove ldconfig step from build
  * build(deps): bump github.com/google/go-containerregistry
  * fix: assignment to nil map when using annotations via CLI flag
  * update NEWS.md for 0.10.1
  * Improve path mutation errors
  * improve error messages when mutating paths
  * Update NEWS.md
  * Optimize SBOM generation
  * build(deps): bump github.com/klauspost/pgzip from 1.2.5 to
    1.2.6
  * build(deps): bump github.com/cloudflare/circl from 1.2.0 to
    1.3.3
  * Update README.md

-------------------------------------------------------------------
Tue Aug 01 13:05:39 UTC 2023 - kastl@b1-systems.de

- Update to version 0.10.0:
  * fix --workdir
  * restore handling of packageTag CLI flags for publish
  * Remove sbom generator indirection
  * Split publishing and loading
  * Inline apk package (mostly) to use go-apk directly
  * Stop exposing build.Context fields
  * Add a test to catch SBOM changes
  * Remove WantSBOM and GenerateSBOM
  * Remove buildImplementation
  * Add a test to verify no output changes
  * Remove unused executor package
  * when setting SOURCE_DATE_EPOCH, ensure string is not blank
  * Pull in the latest changes to go-apk (#802)
  * Don't compute layer hash twice
  * bump go-apk
  * work with no cache when cache-dir is not set and HOME is not
    set
  * report error when cannot create apkimpl object
  * Bump lint
  * Fix race
  * Bump go to 1.20
  * Bump go-apk
  * Add 4MiB bufio for pgzip
  * Bump go-apk to pick up faster installs
  * Switch from pargzip to pgzip
  * Bump go-apk dep to pick up otel spans
  * Add otel spans
- BuildRequire go1.20

-------------------------------------------------------------------
Mon Jul 03 06:12:20 UTC 2023 - kastl@b1-systems.de

- Update to version 0.9.0:
  * add release notes for 0.9.0
  * update go-apk component to 20230630 snapshot
  * go mod tidy
  * bump go-apk dep to stop fetching alpine keys all the time
  * base ci tests on examples
  * build(deps): bump github.com/sigstore/cosign/v2
  * Always pass WithLogger first
  * Always UTC time.Unix (#758)
  * Pull in go-apk timestamp change (#757)
  * Bump go-apk, deduplicate extras
  * add annotations to index manifest
  * add optional oci volumes field to resulting image config
  * go-apk with support for pinned pre-existing as deps
  * improved show-packages output
  * build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#679)
  * Address go vulnerabilities
  * Pull in
    https://gitlab.alpinelinux.org/alpine/go/-/merge_requests/25
    (#742)
  * Update go-apk to pull in Jon/Avi's changes (#746)
  * build(deps): bump golangci/golangci-lint-action from 3.4.0 to
    3.6.0 (#739)
  * build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (#740)
  * build(deps): bump goreleaser/goreleaser-action from 4.2.0 to
    4.3.0 (#741)
  * build(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0
    (#734)
  * build(deps): bump github/codeql-action from 2.3.2 to 2.20.0
    (#745)
  * bump go-apk to inherit increased debug logging
  * Remove build implementation interface
  * safe rename
  * fix apk caching
  * support for apk package caching
  * restructure oci package
  * unify publish and build commands
  * avoid nil panic
  * lint
  * change how default envs are set
  * Test PublishCmd
  * Add a no-op test for PublishCmd
  * Check that images have the correct layers
  * Pass remoteOpts to publishIndex
  * run tests with race detector
  * Revert "Remove some more indirection"
  * Revert "Finish the argument movement"
  * fix: pass --extra-packages correctly
  * extend summarize to provide the rest of the options
  * Move default remote options out of library
  * adds warning when etc/os-release is actually generated
  * Finish the argument movement
  * Remove some more indirection
  * appease linter
  * add --extra-packages, deprecate build options
  * bump go-apk to fix infinite symlinks
  * Stop using tarball.LayerFromFile
  * Fix CI (#701)
  * Remove indirection for apk implementation
  * add option to change directory before executing
  * use upstream go-apk tarball functionality
  * Fix annotations.
  * build(deps): bump github.com/stretchr/testify from 1.8.2 to
    1.8.3
  * build(deps): bump github.com/sirupsen/logrus from 1.9.0 to
    1.9.2
  * go-apk with proper error messages for arch with missing
    APKINDEX
  * Fix the error wrapper (#677)
  * Fix stupid boolean logic bug (#678)
  * Feature: Compute the default timestamp from installed APKs
    (#675)
  * Add test of determinism (#668)
  * latest go-apk with consistent file ordering
  * Fix: add timeouts to several actions legs. (#672)
  * Fix: Explicitly default the `SourceDateEpoch` (#671)
  * Cleanup: Make the Services type more concrete. (#664)
  * Cleanup: Use a string alias instead of struct. (#663)
  * bump go-apk to include world newline fix
  * Update pkg/build/types/types.go
  * document the fields in types/
  * update go-apk to include race prevention
  * build(deps): bump gitlab.alpinelinux.org/alpine/go
  * use external apk-go library
  * add hotfix for alpine-go
  * apk: install: add support for replaces
  * build(deps): bump github/codeql-action from 2.2.12 to 2.3.2

-------------------------------------------------------------------
Mon May 01 06:16:11 UTC 2023 - kastl@b1-systems.de

- Update to version 0.8.0:
  * update NEWS for apko 0.8.0.
  * allow overwrite of existing file if origin matches
  * better sort order for packages when writing to apk/db/installed
  * Plumb context
  * Optimize ggcr interactions
  * add ability to read busybox links from package manifest
  * report complete yaml when fail to build, if debug is enabled
  * handle versioning in provides
  * add testcase for alpine python3~3.11 change
  * version: fix tilde matching in packageNameRegex
  * add optional support for self-package resolution
  * Update pkg/apk/impl/version.go
  * add support for tilde matcher
  * iocomb: try to make log target parent directory if necessary
  * cli: use iocomb.Combine to combine multiple log outputs into a
    log policy
  * add iocomb package
  * internal: cli: use NewLogger as needed to instantiate the
    logger
  * log: adapter: default log level to InfoLevel
  * build: add WithLogger option to set a context logger
  * log: add output to NewLogger and add DefaultLogger for stderr
    logging
  * options: default to using io.Discard for logging
  * return all matches for PkgResolver.ResolvePackage
  * exec: update tests to use log.Logger instead of logrus
  * apk: update tests to use log.Logger instead of logrus
  * log: introduce Adapter type
  * everywhere: use abstract logger type, remove logrus from
    internals
  * expose GetRepositoryIndexes
  * expose GetPackage to resolve a single package with constraints
  * use interface to pass to NewPkgResolver
  * build(deps): bump actions/checkout from 3.5.0 to 3.5.2
  * build(deps): bump github/codeql-action from 2.2.11 to 2.2.12
  * fix mid-level symlinks for native-memfs
  * native in-memory filesystem
  * busybox install ignore existing link or file
  * Remove duplication, add make target
  * build(deps): bump github.com/sigstore/cosign/v2 from 2.0.0 to
    2.0.1
  * build(deps): bump github/codeql-action from 2.2.10 to 2.2.11
  * log: formatting enhancements
  * build(deps): bump golang.org/x/term from 0.6.0 to 0.7.0
  * build(deps): bump github/codeql-action from 2.2.9 to 2.2.10
  * feat: send useragent in HTTP requests
  * appease linter
  * apk: downgrade package-level install notices to debug
  * add internal logging package
  * build(deps): bump github.com/docker/docker
  * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
  * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
  * ensure truncate when creating new file in case one already was
    there
  * Change the busybox detection logic to support "provides".
  * Add docs on stop-signal.
  * Add StopSignal support.
  * update NEWS for apko 0.7.3.
  * build(deps): bump github/codeql-action from 2.2.7 to 2.2.9
  * Add codeowners
  * build(deps): bump actions/checkout from 3.4.0 to 3.5.0
  * Add CI test harness
  * Add SBOM quality CI test
  * When build and publish, carry buildcontext to sbom generation
  * create homedir 0700, but parents 0755
  * record when writing symlinks to case-sensitive
  * generate list of links for busybox
  * build: accounts: go back to using 0o755 permissions for the
    homedir

-------------------------------------------------------------------
Sun Mar 19 14:00:06 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

- new package apko